List of usage examples for org.springframework.web.filter OncePerRequestFilter OncePerRequestFilter
OncePerRequestFilter
From source file:com.arya.latihan.config.SecurityConfiguration.java
/** * Method untuk menyimpan CSRF TOKEN di cookie browser. * Token disimpan dengan nama XSRF-TOKEN karena AngularJS mengenal CSRF sebagai XSRF * @return Filter/* www .j ava 2 s . co m*/ */ private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrfToken != null) { String token = csrfToken.getToken(); Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");// angular js menamai CSRF dengan XSRF if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } filterChain.doFilter(request, response); } }; }
From source file:cn.designthougths.sample.axon.sfav.webui.UIApplication.java
private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override//from w w w . j av a 2 s . c o m protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } filterChain.doFilter(request, response); } }; }
From source file:org.zaizi.sensefy.auth.LoginConfig.java
private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override/*from w w w . ja v a2 s.c om*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); // response.setHeader("Access-Control-Allow-Origin", // "*"); // response.setHeader("Access-Control-Allow-Methods", // "POST, GET, OPTIONS, DELETE"); // response.setHeader("Access-Control-Max-Age", // "3600"); // response.setHeader("Access-Control-Allow-Headers", // "x-requested-with"); } } filterChain.doFilter(request, response); } }; }
From source file:org.openlmis.notification.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override//from w ww . j a v a 2 s . c o m protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.anonymous().and().authorizeRequests() .antMatchers("/notification", "/webjars/**", "/notification/webjars/**", "/notification/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:org.openlmis.fulfillment.security.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override/*from w ww. j a v a 2 s . c o m*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.authorizeRequests() .antMatchers("/fulfillment", "/webjars/**", "/fulfillment/webjars/**", "/fulfillment/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:org.moserp.infrastructure.gateway.config.OAuthConfiguration.java
/** * Spring security offers in-built protection for cross site request forgery * (CSRF) by needing a custom token in the header for any requests that are * NOT safe i.e. modify the resources from the server e.g. POST, PUT & PATCH * etc.<br>/*from w ww .ja v a 2s. c o m*/ * <br> * * This protection is achieved using cookies that send a custom value (would * remain same for the session) in the first request and then the front-end * would send back the value as a custom header.<br> * <br> * * In this method we create a filter that is applied to the web security as * follows: * <ol> * <li>Spring security provides the CSRF token value as a request attribute; * so we extract it from there.</li> * <li>If we have the token, Angular wants the cookie name to be * "XSRF-TOKEN". So we add the cookie if it's not there and set the path for * the cookie to be "/" which is root. In more complicated cases, this might * have to be the context root of the api gateway.</li> * <li>We forward the request to the next filter in the chain</li> * </ol> * * The request-to-cookie filter that we add needs to be after the * <code>csrf()</code> filter so that the request attribute for CsrfToken * has been already added before we start to process it. * * @return */ private Filter createCSRFHeaderFilter() { return new OncePerRequestFilter() { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, CSRF_COOKIE_NAME); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie(CSRF_COOKIE_NAME, token); cookie.setPath("/"); response.addCookie(cookie); } } filterChain.doFilter(request, response); } }; }
From source file:cn.org.once.cstack.config.SecurityConfiguration.java
/** * Filter CRSF to add XSFR-TOKEN between exchange * * @return/*from ww w .ja va 2 s .c o m*/ */ private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } filterChain.doFilter(request, response); } }; }
From source file:de.knightsoftnet.validationexample.server.spring.WebSecurityConfig.java
private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override//from w ww . j a v a 2 s.c o m protected void doFilterInternal(final HttpServletRequest prequest, final HttpServletResponse presponse, final FilterChain pfilterChain) throws ServletException, IOException { WebSecurityConfig.this.csrfCookieHandler.setCookie(prequest, presponse); pfilterChain.doFilter(prequest, presponse); } }; }
From source file:eu.supersede.fe.security.SecurityConfiguration.java
private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override//w ww . j av a 2 s . c om protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } try { filterChain.doFilter(request, response); } catch (IOException e) { if (!csrf_error) { log.warn("Unable to apply the CSRF filter. This message will not be displayed again"); } else { csrf_error = true; } } } }; }